ingress rate-limit problem

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Not a Problem
  • (Edited)
I'm having problem with access-list that i'm using for user ports ingress-limit. Sometimes access-list just seems to fail. User get IP-address, but no trafic will flood.

Only way to solve that problem is unconfigure access-list for that user port and put it back.

Meter that i use is:
create meter meter10M
configure meter meter10M committed-rate 11000 Kbps max-burst-size 500 Kb out-actions drop

And my policy-file:
entry policy {
if match all {
}
then {
permit;
meter meter10M ;
}}

How i use it under port:
configure access-list in_10M port 2 ingress

Does anyone have same problem? Or am i doing something wrong?
I have x460, x440, x430 switches and it's same problem with all of them.
Photo of Tuomas Rasku

Tuomas Rasku

  • 120 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Vellachery, Sumeesh

Vellachery, Sumeesh, Employee

  • 3,268 Points 3k badge 2x thumb
Tuomas Rasku,

I have reviewed the configuration, the meter configuration looks fine. During the failed state, you have mentioned that no traffic will flood, can you please clarify this part?
Also, did you get a chance to look at the port utilization during a working condition and non-working condition?  Command to check the port utilization "show ports <port#> utilization".
What is the EXOS Release running on the switch?

Regards,
Sumeesh.v
Photo of Tuomas Rasku

Tuomas Rasku

  • 120 Points 100 badge 2x thumb
We have different EXOS versions on switshes, 15.3.1.4, 15.5.2.9 pathc1-5,  15.7.1.4. Same problem with all.
I can check the port utilization at next time when this problem occurs. But sometimes it might get i while.
Photo of Tuomas Rasku

Tuomas Rasku

  • 120 Points 100 badge 2x thumb
When this problem is on, there is no RX-trafic. Some TX-trafic goes, but only few bits.
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi Tuomas,

you wrote that sometimes ACL fail to install and you must unconfigure ACL's.
Maybe the ACL manager has a problem to install ACL because it has no space for it.

Could you show us:
for 24 port switch
sh access-list usage acl-slice port 1 

For 48 port switch
sh access-list usage acl-slice port 1 
sh access-list usage acl-slice port 25

and write on what model you have execute that command

Do you have ACL on ports only or mixed ports and vlan's ?

Regards
--
Jarek
(Edited)
Photo of Pa Trick

Pa Trick

  • 166 Points 100 badge 2x thumb
Hi,
We can confirm this problem.
We use the Software 15.5.3.4 patch1-6 on Extreme x460-24x.
We have the problem when we put the access-list with ingress policy on an interface away.
The other interfaces with an different acl they are affected.
As workaround we have load an other acl on an interface, so all interface with acl worked again.

But thats not a solution, is there something else that we can do.

Regards
Patrick
Photo of Drew C.

Drew C., Community Manager

  • 37,366 Points 20k badge 2x thumb
Hi Tuomas,
Unless this has been resolved, the progression of this thread indicates sounds like it might be best to open a case with GTAC so that it can be tested.
Photo of Tuomas Rasku

Tuomas Rasku

  • 120 Points 100 badge 2x thumb
sh access-list usage acl-slice port 2:25

Ports 2:25-2:50
Stage: INGRESS
Slices:          Used: 2  Available: 14
Slice 0 Rules:   Used: 0  Available: 0
Slice 1 Rules:   Used: 0  Available: 0
Slice 2 Rules:   Used: 0  Available: 0
Slice 3 Rules:   Used: 0  Available: 0
Slice 4 Rules:   Used: 0  Available: 0
Slice 5 Rules:   Used: 0  Available: 0
Slice 6 Rules:   Used: 0  Available: 0
Slice 7 Rules:   Used: 0  Available: 0
Slice 8 Rules:   Used: 0  Available: 0
Slice 9 Rules:   Used: 0  Available: 0
Slice 10 Rules:   Used: 0  Available: 0
Slice 11 Rules:   Used: 0  Available: 0
Slice 12 Rules:   Used: 0  Available: 0
Slice 13 Rules:   Used: 0  Available: 0
Slice 14 Rules:   Used: 10  Available: 246 system
Slice 15 Rules:   Used: 130  Available: 126 user/other
Stage: EGRESS
Slices:          Used: 0  Available: 4
Slice 0 Rules:   Used: 0  Available: 0
Slice 1 Rules:   Used: 0  Available: 0
Slice 2 Rules:   Used: 0  Available: 0
Slice 3 Rules:   Used: 0  Available: 0
Stage: LOOKUP
Slices:          Used: 1  Available: 3
Slice 0 Rules:   Used: 0  Available: 0
Slice 1 Rules:   Used: 0  Available: 0
Slice 2 Rules:   Used: 0  Available: 0
Slice 3 Rules:   Used: 31  Available: 481 system
Stage: EXTERNAL
Slices:          Used: 0  Available: 0
Photo of Pa Trick

Pa Trick

  • 166 Points 100 badge 2x thumb
Hi Tuomas
Do get an solution of your Problems, because we have still the same Problem ?
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi,

could you explain your problem with details?
You have an ACL, then apply on port...etc...


--
Jarek